Author: joeyh Date: 2010-03-29 21:14:22 +0000 (Mon, 29 Mar 2010) New Revision: 14353 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-29 18:21:28 UTC (rev 14352) +++ data/CVE/list 2010-03-29 21:14:22 UTC (rev 14353) 
@@ -1,3 +1,57 @@ +CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...) + TODO: check +CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...) + TODO: check +CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...) + TODO: check +CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...) + TODO: check +CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...) + TODO: check +CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...) + TODO: check +CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ...) + TODO: check +CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) + TODO: check +CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...) + TODO: check +CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...) + TODO: check +CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...) + TODO: check +CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...) + TODO: check +CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...) + TODO: check +CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...) + TODO: check +CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...) + TODO: check +CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...) + TODO: check +CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...) + TODO: check +CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...) + TODO: check +CVE-2009-4747 (PHP remote file inclusion vulnerability in ...) 
+ TODO: check +CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...) + TODO: check +CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...) + TODO: check +CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...) + TODO: check +CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...) + TODO: check +CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...) + TODO: check +CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...) + TODO: check +CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...) + TODO: check CVE-2010-XXXX [freeciv lua] - freeciv <unfixed> (low) [lenny] - freeciv <no-dsa> (Minor issue) @@ -298,10 +352,10 @@ RESERVED CVE-2010-0990 RESERVED -CVE-2010-0989 - RESERVED -CVE-2010-0988 - RESERVED +CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) + TODO: check +CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...) + TODO: check CVE-2010-0987 RESERVED CVE-2010-0986 @@ -521,7 +575,7 @@ NOT-FOR-US: phpDirectorySource CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x ...) NOT-FOR-US: phpDirectorySource -CVE-2010-1132 [spamass-milter report on full-disclosure] +CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...) {DSA-2021-1} - spamass-milter 0.3.1-9 (bug #573228) [lenny] - spamass-milter 0.3.1-8+lenny1 
@@ -1064,8 +1118,7 @@ RESERVED CVE-2010-0741 RESERVED -CVE-2010-0740 [OpenSSL null pointer dereference] - RESERVED +CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...) - openssl 0.9.8n-1 (medium; bug #575607) [lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts) NOTE: http://www.openssl.org/news/secadv_20100324.txt @@ -1093,8 +1146,7 @@ [etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28) NOTE: http://osvdb.org/show/osvdb/61203 NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1 -CVE-2010-0731 [historic GNUTLS issue] - RESERVED +CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before ...) - gnutls26 <not-affected> (Fixed before initial release) - gnutls13 1.2.1-1 CVE-2010-0730 @@ -1899,8 +1951,7 @@ [etch] - asterisk <not-affected> (Only affects 1.6.x) CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...) NOT-FOR-US: Cisco Secure Desktop -CVE-2010-0439 [Multiple vulnerabilities in Deliver] - RESERVED +CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of ...) - deliver <removed> CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...) {DSA-1993-1} @@ -3078,8 +3129,8 @@ RESERVED CVE-2009-4506 RESERVED -CVE-2009-4505 - RESERVED +CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...) + TODO: check CVE-2009-4504 RESERVED CVE-2009-4503
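Review bot: CVE-2010-1123 in the first hunk (@@ -1,3 +1,57 @@) is added with "TODO: check" even though this same commit tracks the other Chip Salzenberg Deliver entry, CVE-2010-0439, as "- deliver <removed>". The new entry most likely takes the same status line and does not need to sit in the TODO queue. CVE-2009-4747 in the same hunk has a description truncated before any product name ("PHP remote file inclusion vulnerability in ..."), so it cannot be triaged from this list alone and needs the full CVE text pulled before it is marked.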
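Review bot: The CVE-2010-1132 line in the @@ -521,7 +575,7 @@ hunk replaces the bracketed working title "[spamass-milter report on full-disclosure]", which was the only pointer in the entry to where the issue was first reported. Consider carrying that over as a NOTE: line under the entry so the origin stays recorded next to DSA-2021-1 and bug #573228.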
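Review bot: In the @@ -1064,8 +1118,7 @@ hunk the imported description for CVE-2010-0740 gives the affected range as "OpenSSL 0.9.8f through ...", while the unchanged lenny line beneath it says "only 0.9.8m is affected with 16 bit shorts". Read together the two look contradictory. Suggest rewording the lenny reason so it states the condition under which the wider range in the description does not apply, citing the openssl.org advisory already linked in the NOTE.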